Interior admits security flaws in trust systems

Interior secretary Gale Norton told the Office of Management and Budget recently that the department's financial systems are riddled with security weaknesses, even after she had told the U.S. District Court for the District of Columbia last month that they were secure.

Norton's statements to OMB Sept. 8 in the department's Financial Management Report and Strategic Plan (FY 2004'FY 2008) came to light in a filing today by the plaintiffs in Cobell v. Norton. That seven-year-old litigation over Interior's mismanagement of American Indian trust funds hinges in large part on whether the department has secured the trust systems from hacking.

Several Interior systems remain disconnected from the Internet because of court orders issued in the case.

Norton wrote to OMB on Sept. 8 that Interior 'has not established access controls that limit or detect inappropriate access to information technology systems and related resources, thereby increasing the risk of unauthorized modification, loss or disclosure of sensitive or confidential data.'

Interior reported to OMB that American Indian trust fund data is 'unreliable, inaccurate and inconsistent, and trust systems have been inadequate to comprehensively process trust data and support investment activities,' according to the plaintiffs' filing.

Norton made a contrary statement in an Aug. 11 court filing, saying Interior's 'IT systems are secure, for purposes of Internet connectivity ' and sufficient security measures are presently in place to protect [against] unauthorized Internet access.'

Interior spokesman Dan Dubray said he could not comment on the plaintiffs' filing yet because he had not had an opportunity to review it.

The court first ordered Interior in December 2001 to sever its connections to the Internet after court contractors proved that American Indian trust accounts could be easily hacked. On July 28, the court reinstated its cutoff order and required the department to justify why it has reconnected of most of its systems to the Internet.

Interior responded Aug. 27 with a reconnection plan under which it would provide security details, including network maps, comparison with a list of the top 20 vulnerabilities of computer systems, a vulnerability assessment and penetration testing.

inside gcn

  • When cybersecurity capabilities are paid for, but untapped

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group